Trinetra
Trinetra
Cyber Defense
Home / Threat Intel / Group · Dragonforce
Ransomware · Threat Group Dossier Active · currently disclosing victims

Dragonforce

Dragonforce is a ransomware operation with 488 publicly named victims. Double-extortion: data theft, encryption, leak-site shaming.

488
Named victims
153
In 2026
51
Countries hit
17 Apr 2026
Last disclosure

fingerprintDossier

Active since
Tracked on public leak sites
Origin / attribution
Unattributed
Known aliases
None publicly tracked.
Common initial access
Valid credentials, exposed remote services, phishing.
TTPs & tradecraft
Double-extortion: data theft, encryption, leak-site shaming.

publicTop countries hit

United States196
United Kingdom31
Germany26
Italy15
Australia14
Canada13
France10
Brazil6

factoryTop sectors targeted

Not Found132
Manufacturing63
Business Services51
Technology46
Construction36
Healthcare27
Transportation/Logistics23
Financial Services17

historyRecent named victims

medicalnetworks CJ GmbH & Co. KG
DE · Healthcare · 17 Apr 2026
Empower Group
Business Services · 16 Apr 2026
Curtis Design Group
Business Services · 15 Apr 2026
McCOR
Not Found · 15 Apr 2026
bela - pharm
DE · Healthcare · 15 Apr 2026
Apply Capnor
Not Found · 14 Apr 2026
breslinbuilders.com
Construction · 14 Apr 2026
tulsachamber.com
US · Business Services · 14 Apr 2026
milliondollarbabyco.com
Consumer Services · 14 Apr 2026
graphicinfo.com
US · Business Services · 14 Apr 2026
gtlcompany.com
Business Services · 14 Apr 2026
tremcar.com
CA · Transportation/Logistics · 14 Apr 2026
imadesign.com
US · Business Services · 14 Apr 2026
advprograms.com
US · Technology · 14 Apr 2026
novafp.com
BR · Business Services · 14 Apr 2026

Sourced from open leak-site monitoring · Generated 20 Apr 2026